[pkg-gnupg-maint] Bug#794667:

Ian Munsie darkstarsword at gmail.com
Thu Aug 6 22:36:58 UTC 2015


Another way that a distro can mitigate this (and other) attacks on a
user process like gpg-agent is by installing it with the setgid bit
set. The Linux kernel will prevent ptrace attacks on such a process in
a race-free manner.

For example, ssh-agent already does exactly this:
ian at draal~ [i]> ls -l /usr/bin/ssh-agent
-rwxr-sr-x 1 root ssh 350232 Mar 23 11:32 /usr/bin/ssh-agent*
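
A packaging-side check for the property described in the message above, as an added example that is not part of the original message or of any Debian package: it reports whether a binary is installed as a setgid executable and shows the calling process's dumpable flag, which the kernel consults when deciding ptrace access. The function names are hypothetical; the default path is the one from the listing above.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/stat.h>

/* Returns 1 if path is a regular file with both the setgid bit and
 * group-execute set (shown as "s" in ls -l), 0 if it is not, and -1
 * if the file cannot be examined. Setgid without group-execute
 * (shown as "S") does not change the gid on exec, so it counts as 0. */
int is_setgid_exec(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return 0;
    return ((st.st_mode & S_ISGID) && (st.st_mode & S_IXGRP)) ? 1 : 0;
}

/* Dumpable flag of the calling process. It is 1 for an ordinary
 * process; the kernel resets it when exec changes the effective gid,
 * as happens for a setgid binary run by a user outside that group. */
int self_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/usr/bin/ssh-agent";
    int r = is_setgid_exec(path);

    if (r < 0) {
        perror(path);
        return EXIT_FAILURE;
    }
    printf("%s: %s\n", path, r ? "setgid executable" : "not setgid");
    printf("pid %d dumpable flag: %d\n", (int)getpid(), self_dumpable());
    return EXIT_SUCCESS;
}
```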


